CVE-2014-9743

Description

Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.

How to fix CVE-2014-9743

To remediate CVE-2014-9743, upgrade the affected package to a fixed version below.

• Debian/vlc—upgrade to 2.2.0~rc2-1 or later

Is CVE-2014-9743 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.2.0~rc2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-9743